Ransomware is the attack that turns a quiet Tuesday into a crisis. One moment your systems are running; the next, your files are scrambled and a message demands payment — often in cryptocurrency — to unlock them. For a business that runs its accounting, customer records and daily operations on those files, it is an existential event, not an inconvenience.
The good news is that ransomware is largely preventable with the basics, and — just as importantly — survivable with the right preparation. Here is how it works and how a Botswana business actually defends against it.
How ransomware really works
Ransomware is not magic. It almost always arrives through one of a few ordinary doors:
- A phishing email with a malicious attachment or link that someone opens.
- An account compromised through a weak or reused password — often because MFA was not switched on.
- An unpatched system exposed to the internet, where known weaknesses are exploited automatically.
Once inside, it spreads as far as the compromised account's access allows, encrypts everything it can reach, and then demands payment. The amount of damage is decided largely by two things you control: how far that first account could reach (access control), and whether your backups were in its path.
Prevention: close the common doors
Most ransomware is stopped by the same fundamentals that stop everything else. If you have read our cybersecurity guide, this will be familiar — because the basics matter that much.
- Multi-factor authentication (MFA) on every account, especially email and administrators. In most cases it shuts off the account-takeover route.
- Patch and update automatically. Unpatched software is the doorway attackers rely on.
- Least-privilege access. If the first compromised account can only reach a little, the ransomware can only encrypt a little. Blanket administrator rights turn a small incident into a company-wide disaster.
- Email filtering and staff awareness. Since phishing is the most common entry point, a spam filter plus a team that knows how to spot a suspicious message removes most of the risk. See phishing and email security.
- Endpoint protection. Reputable, up-to-date security software on every device catches a good share of known ransomware before it runs.
Survival: the backup is everything
Here is the hard truth: prevention reduces the odds, but nothing reduces them to zero. The control that decides whether a ransomware attack is a bad day or a closed business is your backup.
To survive ransomware, your backup must be:
- Automated — running daily (or more often for critical systems) without anyone remembering to do it.
- Off-site — in the cloud or otherwise away from your premises, so it survives theft, fire and flood as well.
- Isolated — and this is the part most businesses get wrong. If your backup is a drive permanently plugged into the server, or a cloud account your everyday login can delete, the ransomware reaches it too. The backup must be separated so a single compromised account or device cannot destroy it.
- Tested — you must have actually restored from it. A backup you have never tested is a hope. We schedule restore tests for clients precisely because so many businesses discover, at the worst moment, that their backups were silently failing.
With a clean, isolated, tested backup, the ransom demand loses its power: you wipe the affected systems and restore. Our backup and disaster recovery guide walks through how to set this up properly.
Why paying is the wrong answer
When the demand lands, paying can feel like the fast way out. It rarely is. Paying funds the criminals' next attack, marks you as a business that pays — which invites repeat targeting — and gives you no guarantee of a working decryption key. Many who pay never fully recover their data anyway. The dependable exit is restoring from backup, which is why every Pula spent on good backups is worth more than the ransom you avoid.
Have a simple plan before you need one
The businesses that recover well are the ones that decided what to do before the attack. A basic ransomware plan does not need to be elaborate:
- Isolate — disconnect affected machines from the network immediately to stop the spread.
- Assess — identify what was hit and what your clean backups cover.
- Restore — wipe and rebuild affected systems, then restore data from the isolated backup.
- Learn — find how it got in (usually a phished credential or unpatched system) and close that gap.
- Report — if personal data was affected, consider your obligations under the Data Protection Act.
If you are not confident your current setup would survive a ransomware attack — or you have never tested a restore — that is exactly the gap we help close. A short conversation is the best place to start.
Frequently asked questions
Should we ever pay a ransomware demand?
The strong general advice is no. Paying funds criminal operations, marks you as a business that pays (inviting repeat attacks), and offers no guarantee you will get a working decryption key. The reliable way out is a clean, tested, off-site backup you can restore from — which is why backup is the heart of ransomware defence.
What is the most important defence against ransomware?
An isolated, tested backup. Everything else reduces the chance of being hit; a good backup is what lets you recover without paying when prevention fails. The backup must be off-site and isolated enough that the ransomware cannot reach and encrypt it too.
How does ransomware usually get in?
Most often through phishing — someone opens a malicious attachment or link — or through an account compromised by a weak or reused password, or an unpatched system exposed to the internet. The defences are therefore the cybersecurity basics: MFA, patching, staff awareness and least-privilege access.